With fraud on the rise, do you feel protected? SAFE is here to provide the tools you need to stay safe during the holidays and beyond.


FormJacking is a newer and particularly clever form of fraud. This occurs when cybercriminals infect a legitimate website with malicious code to take over the operation of certain website features. Once in control, they often seek out and target sensitive information belonging to consumers or users. 

With the theft of information as the objective, common targets are credit card details, addresses, phone numbers, email addresses, login credentials for the site (many people use the same passwords for other sites!) and any other information that can be captured on the checkout page of a website. What makes FormJacking even more difficult to combat is that once the thieves have your information, they often opt to sell it to other individuals, who use it for anything from simple crimes such as card fraud to more elaborate endeavors such as identity theft.


Phishing is one of the more common forms of cybercrime due to its higher probability of success when measured against similar scams. Cybercriminals use many approaches to extract information from individuals, and each is targeted for maximum effect. Examples include using emails to target individuals in a corporate setting, the messaging features of social media applications to target a younger demographic, and, to cast a much wider net, generic but alarming text messages that stress urgency and place victims in an emotional state. It is not uncommon for victims of phishing attacks to respond with personal information. The best way to defend against these types of attacks is to ask questions:

  • Was I expecting this?
    • How could I have won a lottery I didn’t participate in?
    • The message includes an attachment. Does it make sense that the source sent this, or that you would be receiving it?
    • Is the message directly addressed to you, or is the recipient ambiguous?
  • Does this seem feasible?
    • An almost universal phishing tactic is to create an emotional response so that a logical thought process does not occur. This either involves creating stress, or a potential reward. One should be extremely cautious of any message that requires immediate action to either claim a prize or avoid a fee.
  • How can I verify?
    • If I received an email, text message, or file from any individual, is there a publicly listed phone number that I can call to ensure this is safe?
    • Does the email domain match the source?
  • Is this authentic?
    • A major indicator of authenticity is the grammar and spelling of the message. Errors in grammar and punctuation can be an indicator that the message was put through translation software. Furthermore, in some situations the errors are purposely included to circumvent filters and programs specifically designed to block out cyber-attacks.


Social Media Scam

Newer to the scam and fraud list, but with a significantly higher number of cases, are Social Media Scams. Due to the vast number of people on social media networks, ample opportunities exist to find and take advantage of individuals with the methods mentioned above and some other more nefarious schemes. Other examples of scams and fraud encountered on social media networks include:

Sweepstakes / Prize Scams: Social media has become an incredibly lucrative space for advertisers, and cunning fraudsters routinely capitalize on this. It is becoming increasingly difficult to tell the difference between an advertisement and a carefully constructed scam. A post that seems too good to be true, such as a vacation to a top tier resort for a ridiculously low price or tickets for a sold-out concert, is more than likely a scam. Once the post has been clicked on, the fraudsters will attack with FormJacking and / or Phishing techniques. These types of scams prey on vulnerable individuals, and because of the substantial reward, victims do not always take the risk into consideration.

Online Dating / Romance Scams: A particularly cruel scam, this method involves establishing a friendship or fictitious relationship with an individual over a dating app and / or social media. This scam takes place over several months and, once initiated, is extremely difficult to disrupt. Eventually, however, the fraudster will attempt to obtain cash from their victim by feigning an emergency or promising to come visit. This type of scam is particularly effective amongst individuals who are isolated or without access to frequent avenues of communication with friends or family.

Impersonation Scams: Fraudsters take advantage of publicly available information and craft convincing fake profiles to impersonate friends or family. Once constructed, they message their victim and request money, information, or both. Often, the fraudster will pretend to be in distress to elicit an emotional response and increase the likelihood of their scam being successful. These individuals tend to favor money being sent through digital channels such as wire transfers, or other Peer-To-Peer payment networks.


Skimming Devices

Leveraging weaknesses in technology, fraudsters have come up with high-tech solutions to steal valuable data from the locations that are supposed to be most secure: Automated Teller Machines (ATM) and Point of Sale (POS) devices. Using small but incredibly advanced devices, thieves capture financial data from physical cards, and personal identification numbers (PIN) with cameras. These devices are installed inside or on the physical processing units themselves, making them difficult to detect. Examples include plastic overlays that go on top of the card terminal to subtly scan the card’s magnetic strip when it is being presented, and tiny cameras embedded into the device's PIN pad to capture PIN entries. The more devious devices are physically inserted inside an ATM or POS and can only be extracted with a tool utilized by the fraudsters. Awareness and curiosity are the best ways to prevent falling victim to this type of fraud. Here are some helpful hints:

  • If possible, pay inside or withdraw money directly from a teller. Although this is not 100% foolproof, fraudsters need an isolated ATM / POS to attach their devices. This is far less likely to occur with a machine that is being continuously observed by a person.
  • Look for signs of a tampered machine:
    • The plastic overlays, fake keypads, cameras, and more are typically attached with an adhesive. If something seems loose or cheaply made, it's highly suspicious.
    • Test the equipment: If something over a card reader seems as though it doesn’t belong, give it a quick tug. ATM and POS devices are well engineered to withstand decades of use; a fake item shoddily snapped or glued on will quickly fall off.



Hector Madueno

SAFE Financial Wellness Manager